Docket No,:03-4024 
Application No.: 10/826,897 

IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the application. 
Please amend claims 1, 2, 3, 7, 8, 9, 30, 31, 34, 39, 40, 44 and 45 as follows: 

1 . (Currently Amended) A method of detecting unauthorized access attempts to a network, 
comprising: 

receiving a request from a user to obtain an address; 
obtaining said address; 

applyi ng a f unction to said addres s to obtain a return addres s generating a return address 
corresponding to output of a function applied to said address , said return address corresponding 
to a used one of a block of addresses; 

returning said return address to said user; 

monitoring access to said address; and 

detecting an unauthorized attempt to access said address when an attempted address 
corresponds to an unused one of said block of addresses. 

2. (Currently Amended) The method according to claim 1 , wherein applying said function 
further comprises hashing a user address of said user to obtain one value of a range of values 
mapping to said block of addresses, said one value designating said used one of said block of 
addresses. 

3. (Currently Amended) The method according to claim 2, wherein applying said function 
further comprises hashing a time of said request. 

4. (Previously Presented) The method according to claim 2, wherein detecting comprises 
tracing said user when said attempted address corresponds to said unused one of said block of 
addresses. 

5. (Previously Presented) The method according to claim 4, comprising blocking 
additional unauthorized attempts when said attempted address corresponds to said unused one 
of said block of addresses. 
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6. (Previously Presented) The method according to claim 4, wherein unused ones of said 
block of addresses correspond to attack detectors. 

7. (Currently Amended) The method according to claim 1, wherein said function further 
comprises hashing a time of said request to obtain one value of a range of values mapping to 
said block of addresses, said one value designating said used one of said block of addresses. 

8. (Currently Amended) The method according to claim 1 , wherein ap p ly ing said function 
further comprises changing said used one of said block of addresses over time. 

9. (Currently Amended) The method according to claim 8, wherein applying said function 
further comprises determining a time period for changing said one of said block of addresses. 

1 0. (Previously Presented) The method according to claim 9, wherein determining the time 
period comprises using a pre-selected time period. 

1 1 . (Previously Presented) The method according to claim 9, wherein determining the time 
period comprises generating a random time period. 

12. (Previously Presented) The method according to claim 8, wherein changing said used 
one of said block of addresses comprises randomly choosing said used one from said block of 
addresses. 

13. (Previously Presented) The method according to claim 8, wherein detecting comprises 
tracing said user when said attempted address corresponds to said unused one of said block of 
addresses. 

1 4. (Previously Presented) The method according to claim 13, comprising blocking 
additional unauthorized attempts when said attempted address corresponds to said unused one 
of said block of addresses. 
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15. (Previously Presented) The method according to claim 13, wherein unused ones of said 
block of addresses correspond to attack detectors. 

16. (Previously Presented) The method according to claim 8, further comprising 
determining said attempt is authorized when a connection exists between said user and said 
unused address. 

1 7. (Previously Presented) The method according to claim 8, wherein changing said used 
one of said block of addresses comprises coordinating changes in a name-to-address database 
and a host identity-to-address database. 

18. (Previously Presented) The method according to claim 1, wherein detecting comprises 
tracing said user when said attempted address corresponds to said unused one of said block of 
addresses. 

19. (Previously Presented) The method according to claim 1 8, comprising blocking 
additional unauthorized attempts when said attempted address corresponds to said unused one 
of said block of addresses. 

20. (Previously Presented) The method according to claim 1 , wherein unused ones of said 
block of addresses correspond to attack detectors. 

2 1 . (Original) A computer-readable medium containing instructions for controlling a 
processor to detect unauthorized access attempts to a network by: 

receiving a request from a user to obtain an address; 
obtaining said address; 

applying a function to said address to obtain a return address generating a return address 
corresponding to output of a function applied to said address , said return address corresponding 
to a used one of a block of addresses; 

returning said return address to said user; 

monitoring access to said address; and 

detecting an unauthorized attempt to access said address when an attempted address 
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corresponds to an unused one of said block of addresses. 

22. (Previously Presented) The computer-readable medium of claim 21 , further comprising 
instructions for controlling the processor to apply said function by hashing at least one of a user 
address of said user and a time of said request to obtain one value of a range of values mapping 
to said block of addresses, said one value designating said used one of said block of addresses. 

23. (Previously Presented) The computer-readable medium of claim 21 , further comprising 
instructions for controlling the processor to detect said unauthorized attempt by tracing said 
user when said attempted address corresponds to said unused one of said block of addresses. 

24. (Previously Presented) The computer-readable medium of claim 23, further comprising 
instructions for controlling the processor to detect said unauthorized attempt by blocking 
additional unauthorized attempts when said attempted address corresponds to said unused one 
of said block of addresses. 

25. (Previously Presented) The computer-readable medium of claim 21, further comprising 
instructions for controlling the processor to apply said function by changing said used one of 
said block of addresses over time. 

26. (Previously Presented) The computer-readable medium of claim 25, further comprising 
instructions for controlling the processor to change said used one of said block of addresses 
over time by at least one of determining a time period using a pre-selected time period and 
determining a time period by generating a random time period. 

27. (Previously Presented) The computer-readable medium of claim 25, further comprising 
instructions for controlling the processor to change said used one of said block of addresses by 
randomly choosing said used one from said block of addresses. 

28. (Previously Presented) The computer-readable medium of claim 25, further comprising 
instructions for controlling the processor to determine said attempt is authorized by determining 
that a connection exists between said user and said unused address. 
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29. (Previously Presented) The computer-readable medium of claim 25, further comprising 
instructions for controlling the processor to change said used one of said block of addresses by 
coordinating changes in a name-to-address database and a host identity-to-address database. 

30. (Currently Amended) A system for detecting unauthorized access attempts to a network, 
comprising: 

means for receiving a request from a user to obtain an address; 
means for obtaining said address; 

means for generating a return address corresponding to output of a function applied to 
said address applying a function to said addre s s to obtain a return addr e ss , said return address 
corresponding to a used one of a block of addresses, said means for applying generating 
including a processor programmed to apply said function to obtain said reton-address; 

means for returning said return address to said user; 

means for monitoring access to said address; and 

means for detecting an unauthorized attempt to access said address when an attempted 
address corresponds to an unused one of said block of addresses. 

3 1 . (Currently Amended) The system of claim 30, wherein said means for applying 
generating further comprises means for hashing at least one of a user address of said user and a 
time of said request to obtain one value of a range of values mapping to said block of addresses, 
said one value designating said used one of said block of addresses. 

32. (Original) The system of claim 30, wherein said means for detecting further comprise 
means for tracing said user when said attempted address corresponds to said unused one of said 
block of addresses. 

33. (Original) The system of claim 32, wherein said means for detecting further comprise 
means for blocking additional unauthorized attempts when said attempted address corresponds 
to said unused one of said block of addresses. 

34. (Currently Amended) The system of claim 30, wherein said means for applying 
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generating further comprise means for changing said used one of said block of addresses over 
time. 

35. (Original) The system of claim 34, wherein said means for changing further comprise at 
least one of means for determining a time period using a pre-selected time period and means for 
determining a time period by generating a random time period. 

36. (Original) The system of claim 34, wherein said means for changing further comprise 
means for randomly choosing said used one from said block of addresses. 

37. (Original) The system of claim 34, further comprising means for determining said 
attempt is authorized when a connection exists between said user and said unused address. 

38. (Original) The system of claim 34, further comprising: 
a name-to-address database; 

a host identity-to-address database; and 

means for coordinating changes in said name-to-address database and said host identity- 
to-address database in conjunction with said means for changing. 

39. (Currently Amended) A computer program, disposed on a computer-readable medium, 
for enabling detection of unauthorized access attempts to a network, said computer program 
including instructions for causing a processor to: 

receive a request from a user to obtain an address; 
obtain said address; 

apply a function to said address to obtain a return address generate a return address 
corresponding to output of a function applied to said address, said return address corresponding 
to a used one of a block of addresses; 

return said return address to said user; 

monitor access to said address; and 

detect an unauthorized attempt to access said address when an attempted address 
corresponds to an unused one of said block of addresses. 
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40. (Currently Amended) The computer program of claim 39, wherein said instructions for 
causing the processor to apply said function generate said return address further include 
instructions for causing a processor to at least one of hash a user address of said user and hash a 
time of said request to obtain one value of a range of values mapping to said block of addresses, 
said one value designating said used one of said block of addresses. 

41 . (Previously Presented) The computer program of claim 40, wherein said instructions for 
causing the processor to detect further include instructions for causing a processor to trace said 
user when said attempted address corresponds to said unused one of said block of addresses. 

42. (Previously Presented) The computer program of claim 41 , further including instructions 
for causing the processor to block additional unauthorized attempts when said attempted 
address corresponds to said unused one of said block of addresses. 

43 . (Previously Presented) The computer program of claim 41 , further including instructions 
for causing the processor to correspond said unused ones of said block of addresses with attack 
detectors. 

44. (Currently Amended) The computer program of claim 39, wherein said instructions for 
causing the processor to apply said function generate said return address further include 
instructions for causing a processor to change said used one of said block of addresses over 
time. 

45. (Currently Amended) The computer program of claim 44, wherein said instructions for 
causing the processor to apply said function generate said return address further include 
instructions for causing a processor to at least one of use a pre-selected time period for 
changing said one of said block of addresses and generate a random time period for changing 
said one of said block of addresses. 

46. (Previously Presented) The computer program of claim 44, wherein said instructions for 
causing the processor to change said used one of said block of addresses further include 
instructions for causing a processor to randomly choose said used one from said block of 
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addresses. 

47. (Previously Presented) The computer program of claim 44, wherein said instructions for 
causing the processor to detect further include instruction for causing a processor to trace said 
user when said attempted address corresponds to said unused one of said block of addresses. 

48. (Previously Presented) The computer program of claim 47, further including instructions 
for causing the processor to block additional unauthorized attempts when said attempted 
address corresponds to said unused one of said block of addresses. 

49. (Previously Presented) The computer program of claim 47, further including instructions 
for causing the processor to correspond attack detectors with unused ones of said block of 
addresses. 

50. (Previously Presented) The computer program of claim 44, further including instructions 
for causing the processor to determine said attempt is authorized when a connection exists 
between said user and said unused address. 

5 1 . (Previously Presented) The computer program of claim 44, further including instructions 
for causing the processor to coordinate said change in a name-to-address database and a host 
identity-to-address database. 

52. (Previously Presented) The computer program of 39, wherein said instructions for 
causing the processor to detect further include instructions for causing a processor to trace said 
user when said attempted address corresponds to said unused one of said block of addresses. 

53 . (Previously Presented) The computer program of claim 52, further including instructions 
for causing the processor to block additional unauthorized attempts when said attempted 
address corresponds to said unused one of said block of addresses. 

54. (Previously Presented) The computer program of claim 39, further including 
instructions for causing the processor to correspond attack detectors with unused ones of said 
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